UK Government Says BlackBerry 10 Not Secure Enough Yet Confident it Will Be a “Viable Solution”

This was an obvious move by the British government that The Guardian has truly blown out of proportion. In a nutshell only BlackBerry 7 and BlackBerry 7.1 devices are approved by the UK’s CESG (Communications-Electronics Security Group) for “essential work” which means classifications up to “Restricted.” BlackBerry OS 7.1 was just approved in December 2012 due to a recent change in the CESG Commercial Product Assurance Scheme which is also delaying BlackBerry 10s approval. The Guardian seems to think this is a HUGE blow for BlackBerry but currently BlackBerry 7 is the only alternative for the UK government. BlackBerry has gone on record saying that the Guardian article is “false and misleading.” Better yet the UK Government Communications Headquarters put out a statement that:

"We have a strong security partnership with BlackBerry and this gives us confidence That BlackBerry 10 is Likely to Represent a viable solution for UK Government"

What they are really missing is the fact that many high security institutions are waiting for the next version of BES that allows for “Advanced Security Policies” like the ones we have on legacy BlackBerry devices. These are policies that allow administrators to do things like totally disable the personal partition on BlackBerry 10. These new features are on schedule and BlackBerry has quite a few companies testing it out.

In short I would not worry too much. These certifications take awhile and move at a snails pace. I was shocked how fast BlackBerry 10 received the US government’s FIPS 140-2 certification of BlackBerry 10 and the selection of BlackBerry 10 by the German Procurement Office and Federal Office for Information Security.

Here is what BlackBerry had to say about the topic:

"We have a long-established relationship with CESG and we remain the only mobile solution approved for use at ‘Restricted’ when configured in accordance with CESG guidelines. This level of approval only comes following a process which is rigorous and absolutely necessary given the highly confidential nature of the communications being transmitted.

There are six levels of government clearance ranging from unrestricted (Impact Level 0) is top secret (Impact Level 6); BlackBerry 7.1 devices are IL3 Granted access to data.

"The current restructuring of this approval process, due to the Government Protective Marking Scheme review and the new CESG Commercial Product Assurance scheme has an impact on the timeline for BlackBerry 10 to receive a similar level of approval. The US government’s FIPS 140-2 certification of BlackBerry 10 and the selection of BlackBerry 10 by the German Procurement Office and Federal Office for Information Security underline how our new platform continues to set the standard for government communications.

"We are continuing to work closely with CESG on the approval of BlackBerry 10 and we’re confident that BlackBerry 10 will only strengthen our position as the mobile solution of choice for the UK government."

Thanks for finding that quote. I guess CESG is not the mystery buyer of 1 million devices then ;).

About the DE gov, let’s not forget that they’re buying €1500 software/hardware packages, not just a Z10 or Galaxy handset with the default config, so they probably didn’t need to wait for a better BES.